Researchers have disclosed the details of a new hardware attack that has been demonstrated against AMD and Intel systems, but the chip giants do not appear concerned because the method requires physical access to the targeted device.
The attack method, named Battering RAM, was discovered by a team of academic researchers representing KU Leuven in Belgium and the University of Birmingham and Durham University in the UK.
Late last year, the researchers disclosed the details of BadRAM, an attack that used $10 equipment to break AMD's trusted execution environment protections, enabling attackers to gain access to potentially sensitive information stored in memory.
They have now presented Battering RAM, which can bypass modern defenses delivered by Intel and AMD cloud processors.
According to the researchers, the attack can break Intel SGX and AMD SEV-SNP, confidential computing technologies that are widely used by cloud providers and designed to protect sensitive data even from malicious insiders and attackers who have access to the host system.
Battering RAM involves planting a device called an interposer between the CPU and the DRAM memory. The interposer, which the researchers managed to build for less than $50, is attached to the DIMM and can sit quietly to avoid detection. However, with the flip of a switch, the device can be enabled to silently redirect protected memory addresses to locations controlled by the attacker.
“Our stealthy interposer bypasses both memory encryption and state-of-the-art boot-time defenses, invisible to the operating system,” the researchers explained. “It permits arbitrary plaintext access to SGX-protected memory, and breaks SEV’s attestation feature on fully patched systems. Ultimately, Battering RAM exposes the limits of today’s scalable memory encryption.”
Conducting a Battering RAM attack requires physical access to the targeted device, but the researchers argue that the attacker only needs access to the device for a short period of time. They believe that in real-world environments such attacks could be conducted by rogue cloud employees, data center technicians, law enforcement, and through supply chain attacks targeting memory modules during manufacturing or shipping.
The researchers noted that the interposer they designed only works against DDR4 memory, but they believe a more advanced interposer may be able to conduct attacks on DDR5 as well, because the underlying issue has not been fixed.
Intel and AMD were notified about the findings in February 2025. While both vendors published security advisories on Tuesday, the day the research was published, they both pointed out that attacks requiring physical access to the targeted device are not in scope of their products’ threat model.
Intel pointed out that some of its Xeon processors include a feature named Total Memory Encryption – Multi-Key (TME-MK), which can provide additional protection against such attacks. The vendor also urged customers to ensure the physical security of devices, including through tools provided by the company.
The researchers confirmed that software or firmware updates cannot patch the vulnerability.
In addition to a paper describing the findings, the experts made public all the technical information needed to build a Battering RAM interposer.